1. Field of the Invention
The present invention relates generally to the field of data communications, and more particularly applies to a system and method for framing variable-length packets, which also provides for their protection in a stream of such packets.
2. Description of the Related Art
For decades, data processing applications mainly stored information in alphanumeric form. It was only at the beginning of the 1990s that processor performance and the sharp drop in prices for mass storage made it possible to run multimedia applications on computer systems. Information is now increasingly held in a mix of still images, video, text, and sound/speech databases. Additionally, these new information technologies are used for interactive communication. Satisfying these requirements not only calls for networks having significant transmission bandwidth; it also requires that an adequate transport mechanism be put in place that is flexible enough to allow the transmission, over the same medium, for example, of digitally coded voice on one hand and large quantities of raw data representing a still image on the other hand. The former, which has low bandwidth requirements, ideally needs that small chunks of data transferred, at regular intervals, be transported to a remote location with a delay that should not exceed a few tenths of milliseconds to permit that a conversation may comfortably take place between two distant interlocutors. On the contrary, the latter would require that very large chunks of data be transferred together to limit the overhead that necessarily results from the fragmentation of a large data file in packets, the delay in that case being a far less important criterion.
Thus, broadband ISDN (Integrated Services Digital Network) was an attempt to set up a single, unified, worldwide, and high-speed network in place of the multiplicity of existing networks for different applications. The new, universal network was intended to be able to take over, on one hand, the functions of current speech, data and television networks and, on the other hand, to provide enough scope for the implementation of future communications technologies. The first work on standards for this universal network of the future was begun by CCITT (International Telegraph and Telephone Consultative Committee) in the late 80's, under the heading of B-ISDN. It is based on ATM (Asynchronous Transfer Mode), which is a data transmission technique belonging to the family of cell switched systems (cell relay). An ATM cell is a small (53 bytes, including a 5-byte header and a 48-byte payload) fixed-size packet. The fixed length of 53 bytes for a cell is therefore the result of a compromise between the demands of analog speech transfer and digital data transmission. In digital transfer of analog speech signals, the speech is sampled 8000 times a second and each sampled value is transmitted as an eight-bit code. This means that 64 kbits/sec have to be carried by each speech channel and result in a cell being sent only every 6.6 ms and, possibly, at a much lower rate if compression techniques are applied at the source to save bandwidth. While it would be best to have as short a cell as possible for pure analog speech transfer, on the other hand, with 9.4% of overhead, a 53 byte packet size is not very well suited for economical transmission of pure data streams. These typically require that segmentation at source and re-assembly at destination be carried out to restore data files and messages. Thus, as a compromise, ATM is neither completely satisfactory for the transmission of voice nor of data.
Another key aspect of today's data communications deals with security and integrity of the transmissions. Security is well handled at application level with encryption techniques, e.g. DES (Data Encryption System), an international standard based on a symmetric algorithm using the same key for encryption and decryption, while authentication is carried out by adding a signature or message digest to the transmitted data so as to be sure of its origin and content. A well-known example of this is the MD5 (Message Digest Algorithm version 5), subject of the IETF (Internet Engineering Task Force) RFC (Request For Comment) 1321. At transport level, data integrity is generally ensured by the use of CRCs (Cyclic Redundancy Checking), which consists of adding to a transmitted message or data entity, i.e., a packet, an FCS (Field Check Sequence) so that the receiving end can check that it has not been altered on its way. However, this was intended mainly for the detection of hardware and software malfunctions or of errors occurring on transmission lines and, because this is done on a per packet basis, it cannot detect unwanted insertion or complete dropping of packets, be it done accidentally or maliciously, e.g. with 'cut and paste' techniques. Although this may possibly end up being detected by a higher level protocol at the destination end, this does not help in pinpointing the source of the problem when data were transported. With the exponential increase of the amount of data exchanged over diverse and complex communications networks, sometimes spanning large or very large geographic distances through numerous nodes and transport media, there is also a need to improve this aspect in the transmission of multimedia sources of data.
Thus, it is a broad object of the present invention to propose a variable-length packet framing technique to better adapt the transportation medium to the various sources of data encountered in a multimedia environment.
It is another object of the invention to permit that data streams, composed of those variable-length packets, be secured so that no packet can be wrongly inserted or dropped when transported without being immediately detectable.
It is still another object of the invention that adding and dropping of packets in authorized intermediate transport nodes, along with their routing, be carried out without having to decrypt user data so that end to end security of transported data is ensured.
It is yet another advantage of the invention to permit that CRCs, already present in many protocols to check packet content, be also useable for framing the variable-length packets.
Further advantages of the present invention will become apparent to the ones skilled in the art upon examination of the drawings and detailed description. It is intended that any additional advantages be incorporated herein.
A method and a system for framing variable-length packets in a data communications system are disclosed. The successive variable-length packets, aimed at transporting users' data, are formed in a stream of chained packets. When having to frame an nth packet of the stream of packets, a first CRC is computed over the data to be transported by this nth packet. Then, a header is prepared including at least a data length field. After which a second CRC is computed encompassing the header of the nth packet and the first CRC of the immediate previous (n−1th) framed packet. This is followed by the concatenation of the header with the second CRC, the data and the first CRC so that the nth packet is thus framed and chained into the stream of chained packets. The first CRC of current (nth) packet is temporarily remembered so that framing and chaining of the immediate subsequent (n+1th) packet can then take place. This repeats for every variable-length packet to be framed.
The method and system of the invention also assume that encryption is performed independently, on one hand, over the first CRC of n−1th packet along with the header and the second CRC of the nth packet and, on the other hand, over the data of nth packet.
Therefore, the invention, which allows better adaptation of the transportation of multi-media users' data in packets of variable-lengths, also secures it by chaining successive packets, thus preventing that accidental or malicious deletion and insertion of packets be carried out and remain undetected. Also, the invention permits that intermediate transport nodes, duly authorized i.e., owning keys to decrypt headers, may perform packet add/drop multiplexing without requiring that users' data be decrypted on their way to their final destination.
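The framing and chaining steps summarized above can be sketched as follows. This is an added illustration, not code from the patent, and it shows how a receiver notices a dropped or duplicated packet. Assumptions not taken from the text: CRC-32 (zlib) for both CRCs, a header holding only a 16-bit length, a zero seed for the first packet, and no encryption step.

```python
import struct
import zlib

HDR = struct.Struct(">H")   # assumed header: 16-bit data length field only
CRC = struct.Struct(">I")   # assumed: CRC-32 used for both first and second CRC
SEED = 0                    # assumed "previous first CRC" for the first packet
SAMPLE = [b"voice", b"a much longer still-image block", b"tail"]  # constructed

def frame_stream(payloads, prev_crc1=SEED):
    """Frame each payload as header | CRC2 | data | CRC1, chained to its predecessor."""
    packets = []
    for data in payloads:
        crc1 = zlib.crc32(data)                           # first CRC: over the data
        header = HDR.pack(len(data))
        crc2 = zlib.crc32(header + CRC.pack(prev_crc1))   # second CRC: header + previous CRC1
        packets.append(header + CRC.pack(crc2) + data + CRC.pack(crc1))
        prev_crc1 = crc1                                  # remembered for packet n+1
    return packets

def verify_stream(stream, prev_crc1=SEED):
    """Walk a byte stream; return (payloads, error), error being None if the chain holds."""
    payloads, pos = [], 0
    while pos < len(stream):
        data_start = pos + HDR.size + CRC.size
        if data_start > len(stream):
            return payloads, f"truncated header at offset {pos}"
        header = stream[pos:pos + HDR.size]
        (crc2,) = CRC.unpack_from(stream, pos + HDR.size)
        # Check CRC2 before trusting the length: it validates the header and
        # ties this packet to the first CRC of the one received before it.
        if crc2 != zlib.crc32(header + CRC.pack(prev_crc1)):
            return payloads, f"chain break at offset {pos}"
        (length,) = HDR.unpack(header)
        end = data_start + length + CRC.size
        if end > len(stream):
            return payloads, f"truncated packet at offset {pos}"
        data = stream[data_start:data_start + length]
        (crc1,) = CRC.unpack_from(stream, data_start + length)
        if crc1 != zlib.crc32(data):
            return payloads, f"data CRC error at offset {pos}"
        payloads.append(data)
        prev_crc1, pos = crc1, end
    return payloads, None
```

Without the encryption the text assumes, the CRC chain only guards against accidental loss or insertion, since anyone able to rewrite packets can also recompute the CRCs.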